Overly Complex IT Infrastructures Pose Security Risk

Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds.

More than two-thirds of companies plan to increase their cyber budget in 2022 to better protect their systems and data, with more than half of executives fearing an increase in reportable attacks, new data from consulting firm PricewaterhouseCoopers shows.
Yet the major threat to companies is an avoidable level of unnecessary complexity that has led to increased risk, with three-quarters (75%) of executives agreeing that their organizations infrastructure has become too complex and nearly the same number agreeing that complexity has led to concerning levels of risk, according to the report. Overall, executives worry that complexity will primarily lead to breaches and financial losses but also hamper innovation and undermine operational resilience.
Organizations need to focus on simplifying their operations and infrastructure and determine whether complexity is necessary, according to PwCs new 2022 Global Digital Trends Insights report.
The consequences for an attack rise as our systems’ interdependencies grow more and more complex, the report states. Critical infrastructures are especially vulnerable. And yet, many of the breaches were seeing are still preventable with sound cyber practices and strong controls.
The
Global Digital Trust Insights Survey
annually polls more than 3,600 business, technology, and security executives, focusing on primarily (62%) large companies with at least $1 billion in revenue. While 69% of companies expect to increase their cyber budgets in 2022, and 26% expect an increase of 11% or more, many organization are not yet seeing a payoff from their investments in security.
More than half of companies have invested in cloud security, security awareness training, or endpoint security, but only roughly a third of those companies are achieving the benefits of those implementations, according to the 2022 Global Digital Trust Insights report.
Part of the reason is the complexity of their environments, and often the technology, two PwC executives stated in a strategy brief published earlier this year.
[C]omplexity has driven cyber risks and costs to dangerous new heights, Richard Horne, UK cybersecurity chair for PwC United Kingdom, and Sean Joyce, global and US cybersecurity and privacy leader for PwC United States,
stated in a brief published in February
. The numbers of significant cyberattacks globally are increasing and include potentially devastating criminal ransomware attacks and nation-state activity targeting government agencies, defense and high-tech systems by, for example, breaching IT network-management software and other suppliers.
Overall, the most mature organizations that are tackling complexity are 12 times more likely to have an engaged CEO, 11 times more likely to understand the risk that third parties pose to their cybersecurity and data privacy postures, and 10 times more likely to have a formal process for data trust practices, according to the report.
Yet only about a third of companies have taken steps to streamline their businesses and operations over the past two years, the survey found.
Simplify to Shrink the Attack Surface
Unsurprisingly, as the pandemic unfolded, 35% of companies have defined a new mix of remote, virtual, and on-site work, while 33% reorganized their business functions and 32% consolidated their technology vendors.
The companies evenly spread out their budgets for simplification across nine different initiatives, including an estimated 36% of budgets spread equally across integrating controls and processes across disciplines, reduc[ing] outdated or end-of-life technology, and adopting a cloud-first technology strategy.
The report argues that companies should remove complexity and reduce their attack surface area to improve their security and reduce the cost of securing their systems and data.
Security operations and interdisciplinary teams should take another look at their own infrastructure to find complexity that has been left behind, according to the report. Find tech solutions that cannot work together and teams that are not collaborating on resilience or third-party risk management, failing to have a process in place for governing data, and not looping in the business teams when debating cybersecurity measures and technologies.
Complexity isn’t bad in and of itself — often, it’s a by-product of business growth, the report states. The costs of creating unnecessary complexity are not obvious, and it’s hard to create urgency around combatting complexity — that is, until an attack occurs.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Overly Complex IT Infrastructures Pose Security Risk